"The internet now represents the easiest way for cyber criminals to gain entry to corporate networks, as more users are accessing unregulated sites, downloading applications and streaming audio/video," said Carole Theriault, senior security consultant for Sophos.

"A great many businesses aren't geared up to gain insight into users' online behaviour, let alone control it," she added.

Hackers have turned to other routes for infecting computers as companies realise the need to secure e-mail gateways.

They are also subtly changing tactics - instead of sending so-called spyware-infected e-mails, they are sending e-mails linking to websites which contain a malicious downloader.

TOP TEN SPAM SENDERS

United States - 22%

China - 15.9%

South Korea - 7.4%

France - 5.4%

Spain - 5.1%

Poland - 4.5%

Brazil - 3.5%

Italy - 3.2%

Germany - 3.0%

United Kingdom - 1.9%

The file will attempt to download multiple Trojans - a type of program or message that looks benign but conceals a malicious payload - before it downloads a spyware component to offer more chances of success.

Links to websites containing Trojan downloaders account for 51% of infected mail while spyware-infected mail accounts for 42%, according to Sophos.

According to the report, 30% of all malware is now written in China. 17% is designed for the specific purpose of stealing passwords from online gamers, an indication that malware writing exploits country-specific online trends.

Sophos detected 41,536 new pieces of malware in 2006. Of these threats, Trojans now outnumber Windows viruses and worms by four to one.

Infected emails have fallen significantly from one in 44 during 2005 to just one in 337 during 2006.

Ninety per cent of all spam is sent from so-called zombie computers, machines that are hijacked by Trojan horses, worms and viruses.